BreachExchange mailing list archives

Brokerage fined $375,000 in data-breach case; alleged hackers arrested and extradited from Eastern Europe


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 13 Apr 2010 00:14:22 -0400

http://blog.thenewstribune.com/business/2010/04/12/brokerage-fined-375000-in-data-breach-case-alleged-hackers-arrested-and-extradited-from-eastern-europe/

If you’ve got a brokerage account with D.A. Davidson, then it’s likely
that you’ve already heard about the breach in security and what the
company has done to secure a remedy.

As a penalty, the Financial Industry Regulatory Authority announced
this morning that it has fined the Montana-based financial services
firm $375,000 for failing to protect confidential client information.

The company’s computer data were invaded, and confidential information
downloaded, in 2008. The accused hackers, Latvian natives, then
attempted to blackmail the firm.

The company immediately reported the incident and assisted the Secret
Service in identifying “four members of an international group
suspected of participating in the hacking attack of the firm. Three of
those individuals have been extradited from Eastern Europe, arrested
and are facing charges in federal court in Montana,” according to a
FINRA release.

In assessing the penalty, FINRA considered Davidson’s response to
protect its customers and cooperation with authorities.

To date, no clients have suffered any instance of identity theft
related to the incident.

In settling the case, the firm neither admitted nor denied the
charges, but consented to the entry of FINRA's findings.

Jacquie Burchard, D.A. Davidson spokeswoman, said today, “We responded
as quickly as possible and helped our clients. We provided them with
free credit-monitoring service for two years, and had a phone bank
available immediately. We feel that we were definitely on the ball and
watching out for our clients’ interests.”

Burchard noted that regulators were complimentary of the firm's
response to the crime. She also said the firm received an audit report
attesting to its strong security a few months before the intrusion,
and that Davidson was in the process of upgrading its security system
at the time.

Said FINRA Executive Vice President and Executive Director of
Enforcement James S. Shorri, “Broker-dealers must be especially
vigilant about protecting its customers' confidential information,
which includes ensuring that its technology is sufficient.”

To check whether your broker has been the subject of disciplinary
action, visit www.finra.org/brokercheck or call 800-289-9999.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
